Windows 2008 R2 NAP RADIUS Ignore dial in settings

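If you have a problem with a Cisco PPTP VPN authenticating against RADIUS on Windows 2008 R2, where the dial-in access permission of the user account is still applied even though "Ignore user account dial-in properties" is checked, the request is denied with details like these: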

Authentication Details:
Connection Request Policy Name:    Use Windows authentication for all users
Network Policy Name:        Connections to other access servers
Authentication Provider:        Windows
Authentication Server:        xxx
Authentication Type:        MS-CHAPv2
EAP Type:            –
Account Session Identifier:        –
Logging Results:            Accounting information was written to the local log file.
Reason Code:            65
Reason:                The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

Go to:
RADIUS Clients – note the friendly name (e.g. cisco-1)
Next, go to:

Network Policies -> Your Policy Name ->
State: enabled
Grant access
Ignore user account dial-in properties
Type of network access server: Unspecified (!!!)
Next tab: Conditions
Set: User Groups (YourGroup)
Set: Client friendly name: (e.g. cisco-1)

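It's important that the Client friendly name condition is the same as the friendly name of the RADIUS client, and that the type of network access server is Unspecified (not the VPN/dial-up type).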
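A quick way to confirm this from the denial event, as an added example that is not part of the original post: the script reads the "Network Policy Name" field and reports when the request was handled by one of the NPS default policies instead of your own, which means your policy's conditions did not match and its "Ignore user account dial-in properties" setting never applied. The sample event is constructed from the output above, and "VPN-Cisco" is a hypothetical name standing in for "Your Policy Name".

```python
# Constructed sample in the format of the event shown above (Reason text abridged).
SAMPLE_EVENT = """\
Authentication Details:
Connection Request Policy Name:    Use Windows authentication for all users
Network Policy Name:        Connections to other access servers
Authentication Type:        MS-CHAPv2
Reason Code:            65
Reason:                The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user.
"""

# Network policies that NPS creates by default; a request landing here
# did not satisfy the conditions of any policy you wrote yourself.
DEFAULT_POLICIES = {
    "Connections to Microsoft Routing and Remote Access server",
    "Connections to other access servers",
}

def parse_details(text):
    """Parse 'Name:   value' lines of an NPS event into a dict."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():  # skips headings such as "Authentication Details:"
            fields[name.strip()] = value.strip()
    return fields

def diagnose(text, expected_policy):
    """Report which policy handled the request and what to check next."""
    fields = parse_details(text)
    matched = fields.get("Network Policy Name", "")
    code = fields.get("Reason Code", "")
    result = {
        "matched_policy": matched,
        "reason_code": int(code) if code.isdigit() else None,
        "fell_through": matched in DEFAULT_POLICIES and matched != expected_policy,
        "advice": [],
    }
    if result["fell_through"]:
        result["advice"].append(
            f"Request matched default policy '{matched}', not '{expected_policy}': "
            "check Type of network access server, User Groups and Client friendly name.")
    if result["reason_code"] == 65 and matched != expected_policy:
        result["advice"].append(
            "Reason Code 65: the user's dial-in Deny was enforced; the ignore "
            f"setting on '{expected_policy}' never applied to this request.")
    return result

if __name__ == "__main__":  # "VPN-Cisco" is a hypothetical policy name
    print("\n".join(diagnose(SAMPLE_EVENT, "VPN-Cisco")["advice"]))
```

After the fix, the same event field should show your own policy name instead of "Connections to other access servers".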

Good luck!